This is the 25th episode of the Security Justice podcast recorded May 19th, 2010 live at Damon’s Grill in Independence, OH. This episode was hosted by Tom, Dave, Matt and Chris with special guest Rafal Los (speaker, blogger, appsec ninja). Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC. Here are the show notes:
* We have our very first out of town guest! Rafal Los from HP joins us for some *very* lively conversation. You should really read his blogs.
* Rafal gives an update on THOTCON. Yes, we want to podcast LIVE from THOTCON next year! It’s in Chicago. We like Chicago.
* Rafal also did 30 disasters in 30 days (this is the first one). Awesome read!
* Check out Rafal’s talk from Source Boston: Into the Rabbit Hole: Execution Flow-Based Web Application Testing.
* We have some great discussion about this on why we are failing at web app testing. Can QA do security? Should developers be licensed like other industries?
* We end with a discussion on security certifications, degrees, red team vs. blue team and the word “Cyber”… oh my.
Stay tuned after the podcast for some exclusive LIVE dualCORE and an interesting collection of bumpers. Enjoy!